Tag: social-engineering
-
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering…
-
Privacy Roundup: Week 3 of Year 2025
Tags: access, ai, android, apt, blockchain, breach, cctv, china, computer, cve, cyber, cybersecurity, data, detection, email, exploit, finance, firmware, github, google, group, guide, leak, malicious, malware, microsoft, phishing, privacy, regulation, router, scam, service, smishing, social-engineering, software, technology, threat, tool, update, virus, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 12 JAN 2025 – 18 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Tags: access, advisory, ai, attack, authentication, best-practice, cloud, cve, defense, email, exploit, flaw, framework, github, group, intelligence, Internet, malicious, marketplace, microsoft, mitigation, ntlm, office, rce, remote-code-execution, saas, service, social-engineering, software, technology, threat, update, vulnerability, windows, zero-day10Critical 147Important 0Moderate 0Low Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available. Microsoft patched 157 CVEs in its January 2025 Patch Tuesday release, with 10 rated…
-
ScrapedIn: How Bots Turn Social Media into Advanced Social Engineering
See how multi-channel scams target new hires through fake texts and emails, and learn practical steps to protect your organization from persistent social engineering attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/scrapedin-how-bots-turn-social-media-into-advanced-social-engineering/
-
Hackers Using YouTube Links and Microsoft 365 Themes to Steal Logins
Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs that closely resemble legitimate O365 domains, creating a high degree of trust with unsuspecting victims. The attackers leverage social engineering tactics, often claiming imminent password expiration, to induce panic and pressure users into clicking malicious links. Upon clicking, users are redirected…
-
Phishing click rates tripled in 2024 despite user training
For years organizations have invested in security awareness training programs to teach employees how to spot and report phishing attempts. Despite those efforts, enterprise users were three times as likely in 2024 to land on phishing pages compared to the previous year, according to a report from security vendor Netskope.Based on telemetry collected from its…
-
Legitimate PoC exploited to spread information stealer
A recently copied and abused open source proof of concept (PoC) exploit from a reputable security company, aimed at helping threat researchers, is the latest example of the novel tactics hackers will use to spread malware.PoCs for known vulnerabilities are created to be shared by students, researchers, and IT pros to improve software and toughen…
-
8 Cyber Predictions for 2025: A CSO’s Perspective
Tags: access, ai, attack, authentication, business, ceo, ciso, cloud, compliance, computing, control, credentials, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, encryption, exploit, extortion, firewall, framework, governance, group, hacker, hacking, healthcare, identity, intelligence, international, law, leak, malicious, mfa, microsoft, network, north-korea, organized, phishing, privacy, ransom, ransomware, regulation, risk, risk-management, service, social-engineering, software, strategy, supply-chain, theft, threat, tool, update, wifi, zero-trustAs we step into 2025, the cyberthreat landscape is once again more dynamic and challenging than the year before. In 2024, we witnessed a remarkable acceleration in cyberattacks of all types, many fueled by advancements in generative AI. For security leaders, the stakes are higher than ever. In this post, I’ll explore cyberthreat projections and…
-
What’s Next for Open Source Software Security in 2025?
Hidden dependencies, social engineering attacks, and the complexity of foundation models can all contribute tothe insecure use of open-source software in 2025. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/open-source-software-security-trends-2025/
-
China-linked hackers target Japan’s national security and high-tech industries
Tags: advisory, ai, attack, automation, breach, business, china, ciso, communications, corporate, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, endpoint, espionage, exploit, finance, government, group, hacker, healthcare, incident response, infrastructure, intelligence, malicious, malware, microsoft, network, organized, penetration-testing, phishing, powershell, risk, risk-management, social-engineering, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability, windows, zero-dayJapan’s National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) have exposed a long-running cyber espionage campaign, “MirrorFace” (also known as Earth Kasha), allegedly linked to China.The campaign, operational since 2019, has targeted Japanese organizations, businesses, and individuals, primarily to exfiltrate sensitive data related to national security and…
-
Social Engineering – Schutz vor heimtückischen Pretexting-Angriffen
Tags: social-engineeringFirst seen on security-insider.de Jump to article: www.security-insider.de/-pretexting-social-engineering-angriff-a-87187553754e15fc1dd0bc6f0c02c75c/
-
Researchers Reveal Exploitation Techniques of North Korean Kimsuky APT Group
Tags: apt, cyber, data, espionage, exploit, government, group, korea, malware, network, north-korea, social-engineering, tactics, threatSince 2013, the advanced persistent threat (APT) known as Kimsuky, which the North Korean government sponsors, has been actively conducting cyber espionage operations. It employs advanced malware, spearphishing, and social engineering tactics to infiltrate target networks and exfiltrate sensitive data, focusing on South Korea and other countries with strategic interests in the Korean Peninsula. A…
-
Fraudsters Exploit Trust with Fake Refund Schemes in the Middle East
A report from Group-IB reveals a sophisticated social engineering scam targeting consumers in the Middle East, leveraging government First seen on securityonline.info Jump to article: securityonline.info/fraudsters-exploit-trust-with-fake-refund-schemes-in-the-middle-east/
-
Agents, Robotics, and Auth Oh My! – Impart Security
Tags: access, ai, api, attack, automation, awareness, backdoor, breach, chatgpt, cloud, conference, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, deep-fake, defense, detection, email, exploit, finance, firewall, fraud, healthcare, incident response, infrastructure, intelligence, kubernetes, LLM, malicious, malware, mitigation, network, offense, password, phishing, risk, saas, scam, security-incident, service, social-engineering, software, strategy, supply-chain, technology, threat, unauthorized, update, vulnerability, wafAgents, Robotics, and Auth – Oh My! Introduction 2025 will be the year of the futurist. I never thought that I’d be writing a blog post about AI and robotics at this point in my career, but technology has advanced so much in the lat 12 months setting up 2025 to be a landmark year…
-
How AI and deepfakes are redefining social engineering threats
This article presents key insights from 2024 reports on the rise of phishing attacks, focusing on how advancements in AI and deepfake technology are making social engineering … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/07/phishing-trends-2024/
-
Cybersicherheitsbedrohungen für 2025: Fünf Erkenntnisse aus dem Darknet
Von hochentwickelten Desinformationsdiensten bis hin zu gestohlenen digitalen Identitäten, Schwachstellen im Smarthome-Bereich sowie KI-gesteuertes Social Engineering das sind die wichtigsten Themen, die derzeit in Dark-Web-Foren diskutiert werden [1]. Jedes Jahr im Dezember sagen die Experten von NordVPN die Cybersicherheitsrisiken für das kommende Jahr voraus. In diesem Jahr haben sie sich mit NordStellar Analytics… First seen…
-
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie.Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into First seen on thehackernews.com…
-
The 2024 cyberwar playbook: Tricks used by nation-state actors
Tags: access, ai, apt, at&t, attack, authentication, backdoor, blizzard, botnet, breach, china, cisa, cloud, control, credentials, cve, cvss, cyber, cybersecurity, data, ddos, defense, detection, email, espionage, exploit, flaw, fortinet, google, government, group, hacker, hacking, healthcare, india, infrastructure, iran, ivanti, linux, login, malicious, malware, mfa, microsoft, mobile, network, offense, office, open-source, password, phishing, powershell, remote-code-execution, router, russia, service, social-engineering, software, spear-phishing, spy, strategy, supply-chain, tactics, theft, threat, tool, unauthorized, update, vpn, vulnerability, warfare, windows, worm, zero-dayIn 2024, nation-state cyber activity was off the charts, with Chinese, Russian, and Iranian actors leading the charge. Their campaigns weren’t just relentless, they were innovative, using a crafty mix of Tactics, Techniques, and Procedures (TTPs) to gain footholds, stay hidden, and spy-like pros.”There was definitely a continued and noted uptick in nation-state activity in…
-
New Watering Hole Attack That Used Fake Adobe Flash Player Update To Deliver Malware
Tags: adobe, apt, attack, cyber, cybersecurity, data-breach, email, exploit, firewall, group, malicious, malware, phishing, ransomware, social-engineering, threat, tool, update, vpn, vulnerabilityCybersecurity threats are increasingly targeting vulnerabilities in publicly exposed assets like VPNs and firewalls, exploited by various actors, including APT groups and ransomware gangs. While this focus is understandable, it’s crucial not to neglect traditional attack vectors like phishing emails, malicious websites, and social engineering, as they remain potent tools in the hands of attackers.…
-
Wo Unternehmen die größten Bedrohungen sehen
Social Engineering gilt laut einer Umfrage auf der it-sa 2024 mit 97 Prozent als größtes Cybersicherheitsrisiko. Auch Ransomware und Insider-Bedrohungen bereiten IT-Experten große Sorgen. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/wo-unternehmen-die-groessten-bedrohungen-sehen/
-
CISOs should stop freaking out about attackers getting a boost from LLMs
Tags: ai, attack, automation, ciso, cyber, cybercrime, cybersecurity, defense, disinformation, exploit, hacker, hacking, infrastructure, LLM, malware, network, offense, penetration-testing, phishing, programming, ransomware, risk, social-engineering, startup, technology, threat, tool, vulnerability, warfareA common refrain from cybersecurity professionals in recent years has been the need for a diversification of the CISO role to meet the demands of increased responsibility across numerous categories. In the past year, this refrain has grown louder, specifically around the topic of generative AI.Large language models (LLMs) have added a new dimension to…
-
Texas Tech Fumbles Medical Data in Massive Breach
The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/texas-tech-medical-data-breach
-
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate.”An attacker used social engineering via a Microsoft Teams call to impersonate a user’s client and gain remote access to their system,” Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.”The attacker…
-
Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage
Tags: access, ai, attack, authentication, breach, business, cloud, compliance, computer, computing, credentials, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, dora, encryption, framework, hacker, infrastructure, international, law, ml, monitoring, network, nis-2, nist, PCI, phishing, privacy, regulation, resilience, risk, risk-management, service, skills, social-engineering, software, strategy, supply-chain, technology, threat, tool, vulnerability, zero-trustData Security Predictions for 2025: Putting Protection and Resilience at Center Stage madhav Tue, 12/17/2024 – 05:10 Cybersecurity is a remarkably dynamic industry. New trends, technologies, and techniques reshape the landscape at an extraordinary pace, meaning keeping up can be challenging. Protecting data, the driving force of modern businesses, will continue to be the primary…
-
Guarding against AI-powered threats requires a focus on cyber awareness
Tags: ai, attack, awareness, breach, ciso, cloud, communications, cyber, cyberattack, cybercrime, cybersecurity, data, defense, fortinet, incident, incident response, malware, phishing, privacy, risk, risk-management, saas, social-engineering, technology, threat, trainingThreat actors will always find nefarious uses for new technologies, and AI is no exception. Attackers are primarily using AI to enhance the volume and velocity of their attacks. They’re also using the technology to make phishing communications more believable with perfect grammar and context-aware personalization.As cybercriminals harness new technologies to advance their operations, it’s…
-
Hackers Weaponizing Microsoft Teams to Gain Remote Access
Tags: access, attack, cyber, cybersecurity, exploit, hacker, malicious, microsoft, social-engineering, tacticsRecent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to gain remote access to victim systems. Utilizing sophisticated social engineering tactics, these malicious actors pose as legitimate employees or trusted contacts, leveraging video calls on Microsoft Teams to deceive users into downloading harmful software. The attack typically begins with an…
-
Video: How Two Crypto Scammers Stole $230 Million in Bitcoin
This video covers the $230 million Bitcoin heist by two scammers, Malone Lam and Jeandiel Serrano, who used social engineering to bypass security measures. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/video/crypto-thieves-steal-230-million-dollars-in-bitcoin/
-
‘Dubai Police’ Lures Anchor Wave of UAE Mobile Attacks
A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dubai-police-lures-uae-mobile-attacks
-
Social-Engineering-Threats stufen fast alle Unternehmen als größtes Cybersicherheitsrisiko ein
KnowBe4 veröffentlicht die Ergebnisse seiner aktuellen Umfrage von der it-sa 2024. Die Umfrage zum Thema Compliance und Cyberrisiken wurde unter 50 Messebesuchern durchgeführt. Dabei zeigte sich, dass ganze 97 Prozent Social-Engineering-Threats als größtes Cybersicherheitsrisiko ansehen. Dicht gefolgt von Ransomware mit 90 Prozent und Insider-Threats mit 82,5 Prozent. Ebenfalls häufig genannt wurden Ressourcenknappheit (40 Prozent) sowie…

